Supermondays Internet Security and Privacy talk 281111 my thoughts

Last night I attended my first meeting at the Supermondays group in Newcastle Upon Tyne, Supermondays is a group for IT enthusiasts, who hold monthly talks and socials which are of interest to the IT community.

I’ve recently began going to a few meetings like this, so far I’ve been to one of the @Designinterest group, who are a smaller group, more interested in design/development where the Supermondays group is a more general IT based crowd,

I thoroughly enjoyed all three events, and plan to attend all three groups again, and urge anyone who in works/is interested in the IT or design industry to try out an event like this, I’ve already met some like minded people, and hopefully I can make some likeminded friends because of it (that sounds cheesy as fuck…)

Anyway, about last night. Oh, I would like to point out, that this isn’t a review of the talks, i’m just writing down the thoughts it provoked after listening to them. (Which means its going to be a whole load of rambly bollocks).

the night started off with a table full of sandwiches and drinks, which was fantastic for a free event, and hosted in a Newcastle uni lecture room, which was great, really good venue for the talks, as it was my first time there I don’t know if it’s always there, or it moves around, but it was still great to see it being able to be hosted in such a fantastic venue.

The Subject for the night was Internet Privacy and Security, which involved two talks, by @skipchris & @Infosanity,

I found both talks really interesting, and while @Infosanity’s talk wasn’t something I usually look into much, it really should be. I’m the kind of person who loves learning, I love finding out new things, acquiring new knowledge, which is one of the main reasons why I’ve started going to these talks, to find out new things, but there just aren’t enough hours in the day to learn everything I want to learn!!
I think, after last night though, I should devote a little bit more time to finding out more about internet security.

I mean, I’m a geek, I’ve built my own computers for years, heck, between me and one other colleuge at work, after receiving a quote to install a wired network in our office we decided (and successfully completed!) to do it ourselves, so I’ve probably got more of a clue about computer hardware/setup than your average user on the street, but still, my knowledge of computer security pretty much extends to “have I got a firewall? and is it up t date? yes? awesome. everything is fine then…”

A few years ago, I attended a British Computing Society lecture (back when I was a member, but thats another story..), which was along similar lines, which was hosted at Northumbria Uni,
That was another great talk about internet security, and it really opened my eyes to the kinds of attacks that are out there, before I went to that talk I pretty much thought that hackers only targeted a small number of computers, and you were only really at risk if you were stupid enough to have all of your passwords and bank details in a text file on your desktop, but as it turns out, I was REALLY wrong.

Hackers attack indescrimently, and pretty much any system can come under attack, at any time (the internet never sleeps..), anyway, the thing that stuck with me from that lecture was a photo taken from someones webcam, there was no reason to take the photo, it was just a photo, of someone using a computer, it was the fact they COULD take it that made them do it. The way they violated that persons privacy was what struck me the hardest, needless to say, since then whenever I get a new laptop which has a built in webcam, I uninstall the drivers, then put a piece of black tape over the lens. Paranoid? maybe. well, probably. But I really don’t like the idea of people watching me, especially when I now know how often it happens..

So, that said, I still didn’t really know much about computer security, but last night’s talk really made me think about it. I’m not in charge of any kind of website thats important, I mean, I have my blog, but nothing thats critical to a business or the like, and I don’t ever intend to move into that side of the IT world, so I doubt I will ever know as much as I would like to about computer security, but I think I’m going to make a real effort to look into it a little bit more. I realise that my website could also be hacked, to use the bandwidth or whatever, so I suppose I should really look into seeing how I can make my site more secure, and I found everything that was said really interesting,

Especially when he told us the (no doubt simplified) workflow that the testing process of a system goes through.
The second talk by @Skipchris was the one that really grabbed my attention though.

Chris’ talk was about internet privacy, mainly focusing on the subject of a persons identity. Chris wanted to stimulate some debate from the crowd, and his talk certainly did that, I really enjoyed listening to his talk, and listening to the debate that was spawned from his talk.

When the slide went up that said “multiple identities” (and yes, I saw what you did there! :P), for some reason, my mind went straight to Batman. No, I wasn’t thinking about playing arkham city..

Everyone was talking about things that were all very serious, and I was too, but I just couldn’t stop thinking about Batman.

What would bruce wayne’s online handle be?

That brought me to think about something else too.

There was a quote in one of the slides, which I now cant remember, exactly, but it basically said that a persons identity is built up of a collection of their thoughts, decisions and views (i hope I haven’t just got that completely wrong), and when Chris talked about HIS identity, he said he had two, his “real name” and Skipchris, and he didn’t mind if the two crossed over.

I totally agreed with this, I’ve had an internet persona, or “handle” since I joined the internet in like 1997, back then I was a BIG fan of Red dwarf, and, the film hackers. I was like 11 at the time, the “handles” like “crash override”, “acid burn”, “lord nikon” were all really cool, me and my friends all picked names we thought at the time were cool, I ended up picking “Killcrazy” which i basically copied from a character in red dwarf.

The name stuck, some of my “real world” friends still call me “KC”, and whenever I sign up for something, I always end up choosing the username Killcrazy, more out of habit than anything else, its become part of my identity. Something I chose myself, when I was 11.

So should I change it? now, no one knows that killcrazy was a character who made a brief apperance in season seven of red dwarf, and it’s not exactly a name that makes you think “calm, perfectly normal person”, but, I know i’m harmless, and I’ve had the name for 14 years. How CAN i abandon it?

That leads me to my next thought, I’m Chris Sutherland, I found it hilarious when people were telling tales of their names when they’d googled their own names, One bloke (who shared his name) had killed someone with a car, another bloke shared the name with someone who was in a boy band.
In “real life” there can easily be many people who have the same name, your name forms a major part of your identity, and as the talk suggested, for online websites like Facebook and google, your name is VERY important to them, but yet, it doesn’t have to be unique?

In REAL LIFE. out of the cyber realms, your name doesn’t have to be unique, however online, it does. how does this work?

My identity online is killcrazy, or kil1crazy, or Kil_crazy, thats three variations. and still, when I sign up to things, I am constantly strugling to actually use my own identity. sure an Identity that I created for myself, and, one that I “stole” from a character on a TV programme, but, still. I’ve had that identity since 1997! and I still find it difficult to use it.

Take battlefield 3 for example. Firstly, I hated the way I had to install this program, and the way it runs. I had to install origin, then create an account, then run the game through a browser, which is basically a menu screen, when I pick what I want to do, THEN it launches the game, urgh, from a usability point of view its horrible.
anyway, I digress. So, when I tried to sign up for origin, so I could play the game, Killcrazy, Kil1crazy, KilCrazy, and all the possible variations I could think of this were taken, I had to think of a new name on the spot.
I was being FORCED to pick a NEW IDENTITY.

What did I go for? well, I love batman, but thats too obvious, so I went of HarlQuinzel. It was all I could think of at the time, (add me on BF3! btw!!), So, this made me think about my online identity, In the real world, there can be many Chris sutherland’s and noone cares.

But online, there can be only one Killcrazy. well, one killcrazy per site.

So how far out does my identity stretch? what is my identity online? is it killcrazy? or does it just depend who you are interacting with at the time?

Imagine, when you are at home you have one name, then you go to work and you are called something completely different. Well, I suppose that isn’t a great stretch of the imagination really, when you are born with a name like Christopher, there are so many variations of it, that it’s entirely possible that I could get called different things in different groups.

But they are all variations of a theme, christopher, chris, chrissy. What If at work I was called Dave? that kind of change isn’t really the norm in real life, but on the internet it seems quite common place.

When I log into Battlefield three, I’m known as HarlQuinzel, but when I’m on twitter I’m Kil1crazy (someone is squatting killcrazy… the bastards…), and most of my online names revolve around killcrazy, depending on the different forums, user groups and services I use.

How does that effect my identity? Should there be a way of standardising usernames? The gravatar program seems to be doing quite a good job of giving you th option to have a standard avatar across many sites, why cant this same process be used for usernames?

also, why can’t we have an extra box for logins? I know it could be a pain, but email addresses have to be unique, you usually have to use an email address to sign up to an account for pretty much anything these days,
why cant we have username, password AND email address? the email address could even be second screen, or, a popup/appearing div box once the username/password are input..

I talked about this with a friend last night after the talk, and he brought up the argument of “but what if there are two people with the same username, how would we tell you apart?” well, I agree that could be difficult, but we manage it in real life don’t we??

When I was at school, in my design technology class of around 15 people, 5 of us were called Chris. Yeah, the teacher had a hard time, but he managed. Even with the same first name, we still managed to keep our separate identities?
Online you can differentiate between people with the same username by having a different avatar, signatures, maybe you could have randomly applied colours to profiles or something? Why limit usernames to be unique, when they can form such an important part of a persons identity, especially when usually the internet is a place which (unless you live in china), gives a greater level of freedom than you can get in the real world.

Getting back to batman, (it always comes back to batman), If you’ve ever followed any batman story lines you will know that robin, his faithful sidekick, has actually been more than one person.

I’m not going to go into great depth about Batman comics here, but a brief rundown, for those people who don’t know, robin was/is batman’s sidekick, The original robin was a character called Dick Grayson (this article on wikipedia about DG is pretty comprehensive if you want to read up any furthur, find it HERE), Dick took on the persona of Robin, his superhero alter ego, which was a way for him to hide his real identity and go out and fight crime, this could have been one to discuss in the lecture actually, when people were talking about real names and such, but anyway, to cut a long story short, after a while, dick feels he has outgrown his role as Robin.
Robin will always be batman’s sidekick, or his protégé, So he decides to give up the role, and take on a new persona, as Nightwing.

This Character is a fully blown superhero in his own right, he’s no one’s sidekick, thats all great, but his intention to do that is to open up the role of robin for someone else, so they can learn from batman. As Dick feels he’s learned enough, and can now go out on his own.
but surely robin is an already defined “identity”? As a vigilanty, technically, in the eyes of the law, he’s also a criminal. Dick grayson, is, in reality, a criminal. and he gives up part of his identity, so that he can pass it on to someone else.

How does this work? can an identity be transfered? I know i’m talking about a fictional character/circumstance here, but it still makes me think, Does the new owner of the robin costume take on all of the “crimes” commited by dick grayson? If robin is ever caught by the law, could he be tried? “robin” commits the crimes, obviously its Dick grayson who actually does it, but it’s dick grayson AS robin.
once dick grayson gives up being robin, who can be tried?
Dick? robin? Dick AS robin? the new robin?
If dick is convicted, can the new robin still use the name robin? as robin is a convicted criminal? Or, is it Dick that is the convicted criminal, and robin isn’t?
Who then gets to say Which identity is which? Is dick grayson robin? or is robin dick grayson?

I guess this all boils down to where the law currently stands on a persons identity,

If the law says that “robin” is the criminal, then the new robin could be convicted of a crime that “dick grayson AS robin” actually commited, is that fair?
the new guy (or girl, there’s been at least one girl), will know the risks involved when they take on the role, they would know what was involved, and possibly even know exactly what crimes had been commited. But does that mean that Dick grayson gets away with it?
Should dick be ALLOWED to give up the identity of robin? or should he have to keep it?

This then gets brought back to the real world, where if someone commits a crime online as their online persona, who is it that commits the crime? how can they be tried?
I know people who sell World of warcraft accounts, they play for a while, level up the character, then sell the passwords to the account so someone can jump straight in at a higher level (im pretty sure this breaks T’s and C’s…), but could this be done in the “real” sense?
How are we, in the eyes of the law seen online? are we a machine? Is it the IP address that commits the crime? are we the “user” of the machine? i.e. killcrazy, or, is it the person behind the computer who commits it? Chris Sutherland, at the moment, its probably just taken as fact that it’s always the end user, the “real name” behind the computer that gets convicted, but how is this proved? I haven’t looked into any high profile legal cases, so I’m not sure if this has ever came up before, or whether its something that at the moment isn’t an issue, but could be in the future, if so, how will we police what a person’s username is and can be? and how easily they can change it.

We are getting into an age now where its becoming more common place to leave a mortgage in a will to your children, than to actually leave them a property with property prices being what they are, at one time this was unheard of,
could we in a few years time be able to leave behind an identity? or even to swap identities?
What would that entail?? we can already change our “real names” by deed pole, which some people do to avoid debt etc, bascially leaving behind their old identity and taking on a new one.

Or, is it NOT leaving behind your identity? is it simply adding to it? are we using the TERM identity too loosely?

I don’t know whether I’ve totally missed the point here, hit the nail on the head, or am just thinking about it far too much (and im very sorry about the wall of text, I did warn you at the start it would be a ramble!)

But this talk really did make me start to think. I hope comparing identities with fictional characters hasn’t put people off, but it just seemed to illustrate the points I was thinking about (i don’t know if i’ve actually MADE any points here, or just rambled around some), or if i have come to any conclusions, but This was just litterally supposed to be a collection of thoughts dredged up by the talk, written down. Whether it makes any sense or not I’ll let you decide!

Thank you for reading this if you’ve got this far! (wordpress tells me I’ve written 2832 words to this point… oh dear.)

I hope that this article hasn’t been a total waste of time, and hopefully it’s made you think, or you at least share some of my thoughts, either way, please feel free to comment.